Configuring Ip Source Guard For Static Hosts On A Layer 2 Access Port - Cisco Catalyst 2960-XR Security Configuration Manual

Configuring IP Source Guard
Command or Action
Step 6
end
Example:
Switch(config)# end
Enabling IP source guard with source IP and MAC filtering on VLANs 10 and 11
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 1/0/1
Switch(config-if)# ip verify source
Switch(config-if)# exit
Switch(config)# ip source binding 0100.0022.0010 vlan 10 10.0.0.2 interface gigabitethernet
1/0/1
Switch(config)# ip source binding 0100.0230.0002 vlan 11 10.0.0.4 interface gigabitethernet
1/0/1
Switch(config)# end

Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port

You must configure the ip device tracking maximum limit-number interface configuration command globally
for IPSG for static hosts to work. If you only configure this command on a port without enabling IP device
tracking globally or by setting an IP device tracking maximum on that interface, IPSG with static hosts rejects
all the IP traffic from that interface.
SUMMARY STEPS
1. configure terminal
2. ip device tracking
3. interface interface-id
4. switchport mode access
5. switchport access vlan vlan-id
6. ip verify source[tracking] [mac-check ]
7. ip device tracking maximum number
8. end
OL-29434-01
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Purpose
Returns to privileged EXEC mode.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
189